ISO 27001 Consultancy Services

ISO/IEC 27001 is an international information security management system (ISMS) Standard which was first published in October 2005 before being revised and updated in 2013. Along with ISO 27002, ISO 27001 provides organisations with a best practice framework for managing their information security.

Achieving certification, entailing an external assessment of the ISMS by a certification body, provides you with the most effective means of demonstrating your information security commitment and capabilities to clients, internal and external stakeholders.

URM’s ISO 27001 Services

Having been involved in implementing ISO 27001, the International Standard for Information Security Management Systems (ISMS’), since its inception, URM has unrivalled insights into the Standard’s requirements and how best to satisfy them. URM is adept at supporting all stages of the ISO 27001 lifecycle, from conducting gap analyses and risk assessments through to ongoing management system and control audits. URM can offer your organisation full lifecycle services or one of the more specific services detailed below:

Gap Analysis - URM will assess both your existing information security framework or management system and your information security controls. With regard to the former, our consultants will review both your documentation and your working practices in order to identify what gaps exist in relation to the requirements contained in the mandatory clauses (4-10) of ISO 27001. Similarly, with regard to the information security controls or measures, we will identify what gaps exist in relation to the controls of Annex A of the Standard.

Risk Assessment - ISO 27001 is fundamentally a risk-based standard, where you can identify the risks that are specific to your organisation’s information assets and how best to treat them based on your risk appetite. Utilising its ISO 27001 proven risk assessment tool Abriska, URM can assist you not just in identifying the threats to your information assets, but the likelihood and impact of them occurring. Once you have identified your greatest risks, you are then able to prioritise your risk treatment activities and maximise your time, effort and budget. With Abriska, you will also be able to run all the necessary (ISO 27001) reports, i.e., Statement of Applicability (SoA), risk register and risk treatment plan (RTP).

Developing Policies and Processes - The risk assessment will determine what policies and processes need to be developed and implemented. Some may be existing policies and processes which need amending or refining, whereas others may need to developed from scratch. Whichever it is, URM will ensure they are developed with 2 goals in mind. Firstly, they will be tailored to match your culture and style and reflect what you actually do. Secondly, our consultants will ensure that anything produced will fully meet the requirements of ISO 27001. URM can assist you in the development of your IS Policy, along with all the supporting policies and processes.

Developing your ISMS Framework and Infrastructure - In order to conform with the requirements of ISO 27001, you will need to establish a framework and management system. URM will draw upon its experience and help you establish some of the key components such as:

  • An information security forum (ISF)
  • Monitoring and measurement mechanisms for management systems
  • An information security training and awareness programme.

Internal Auditing - Auditing plays a critical role in ensuring that your organisation’s management system is operating effectively. A significant challenge for many organisations is a lack of sufficiently competent resources or those with sufficient impartiality to cover all auditing needs. With URM, our auditors are skilled and knowledgeable not only in audit techniques, but also in the subject of the audit, whilst at the same time demonstrating independence from the area being audited. URM can offer your organisation a flexible range of audit services from planning and implementing a full 3 year’ ISO 27001 audit programme, to conducting individual audits against any aspect of the ISMS or any specific controls.

Full Implementation Support – As well as providing consultancy support against the above-mentioned areas, URM’s consultants can also provide guidance and knowledge transfer across the full ISO 27001 implementation lifecycle. Furthermore, URM can offer your organisation 2 levels of support:

  • The first level of support is where URM takes the lead in terms of development, and you review and approve
  • The second level of support involves URM providing a ‘light touch’ advisory and mentoring service, with you taking responsibility for developing your ISMS and URM reviewing all outputs to assess if they fully meet the relevant requirements of the Standard.

Interim Information Security Manager – A further ISO 27001 service we can provide is our Interim Information Security Manager Service to cover for absence or while you recruit a permanent resource. Equally, URM’s interim resource may be required to manage a specific project, e.g., implementing a management system or complying with a new regulation, or addressing a turnaround or change requirement.

Why URM for ISO 27001?

Risk management expertise - Getting the assessment and management of information security risk right is critical. It is also an area where URM excels and where clients can take advantage of URM’s in-house risk management module, Abriska, with its robust and proven risk assessment methodology and the extensive experience and expertise of its consultants.

Achieving optimum balance - When helping develop your ISMS, URM’s goal is to achieve the optimum balance between meeting the mandatory management system requirements of ISO 27001 and ensuring your management system is fully sustainable and tailored to your organisation’s size, culture and business objectives

Track record - URM has an unparalleled track record of assisting over 300 organisations to achieve and maintain certification to ISO 27001 and is proud to have never been involved in a failed certification project. Our clients have ranged in size from micro businesses to multinationals and come from a diverse range of market sectors and, due to our tailored approach, every one of the 300+ implemented ISMS’ has been different.

We have helped more than 300 organisations, let us help you

More about ISO 27001 and 27002

Consultancy Services

Information Security Training

About URM

Follow us on